255,679 research outputs found
Towards Automating the Construction & Maintenance of Attack Trees: a Feasibility Study
Security risk management can be applied on well-defined or existing systems;
in this case, the objective is to identify existing vulnerabilities, assess the
risks and provide for the adequate countermeasures. Security risk management
can also be applied very early in the system's development life-cycle, when its
architecture is still poorly defined; in this case, the objective is to
positively influence the design work so as to produce a secure architecture
from the start. The latter work is made difficult by the uncertainties on the
architecture and the multiple round-trips required to keep the risk assessment
study and the system architecture aligned. This is particularly true for very
large projects running over many years. This paper addresses the issues raised
by those risk assessment studies performed early in the system's development
life-cycle. Based on industrial experience, it asserts that attack trees can
help solve the human cognitive scalability issue related to securing those
large, continuously-changing system-designs. However, big attack trees are
difficult to build, and even more difficult to maintain. This paper therefore
proposes a systematic approach to automate the construction and maintenance of
such big attack trees, based on the system's operational and logical
architectures, the system's traditional risk assessment study and a security
knowledge database.Comment: In Proceedings GraMSec 2014, arXiv:1404.163
Identifying Security-Critical Cyber-Physical Components in Industrial Control Systems
In recent years, Industrial Control Systems (ICS) have become an appealing
target for cyber attacks, having massive destructive consequences. Security
metrics are therefore essential to assess their security posture. In this
paper, we present a novel ICS security metric based on AND/OR graphs that
represent cyber-physical dependencies among network components. Our metric is
able to efficiently identify sets of critical cyber-physical components, with
minimal cost for an attacker, such that if compromised, the system would enter
into a non-operational state. We address this problem by efficiently
transforming the input AND/OR graph-based model into a weighted logical formula
that is then used to build and solve a Weighted Partial MAX-SAT problem. Our
tool, META4ICS, leverages state-of-the-art techniques from the field of logical
satisfiability optimisation in order to achieve efficient computation times.
Our experimental results indicate that the proposed security metric can
efficiently scale to networks with thousands of nodes and be computed in
seconds. In addition, we present a case study where we have used our system to
analyse the security posture of a realistic water transport network. We discuss
our findings on the plant as well as further security applications of our
metric.Comment: Keywords: Security metrics, industrial control systems,
cyber-physical systems, AND-OR graphs, MAX-SAT resolutio
Safety and security management through an integrated multidisciplinary model and related integrated technological framework
The purpose of this paper is to illustrate a multidisciplinary model for safety and security management (IMMSSM) which can be implemented by means of a suitable Integrated Technological System Framework (ITSF) that can be based on Internet of Things (IoT)/Internet of Everything (IoE), showing also the significant role played by the integration of the elements that compose the model itself, thanks to a proper genetic algorithm studied for the specific context
An n-sided polygonal model to calculate the impact of cyber security events
This paper presents a model to represent graphically the impact of cyber
events (e.g., attacks, countermeasures) in a polygonal systems of n-sides. The
approach considers information about all entities composing an information
system (e.g., users, IP addresses, communication protocols, physical and
logical resources, etc.). Every axis is composed of entities that contribute to
the execution of the security event. Each entity has an associated weighting
factor that measures its contribution using a multi-criteria methodology named
CARVER. The graphical representation of cyber events is depicted as straight
lines (one dimension) or polygons (two or more dimensions). Geometrical
operations are used to compute the size (i.e, length, perimeter, surface area)
and thus the impact of each event. As a result, it is possible to identify and
compare the magnitude of cyber events. A case study with multiple security
events is presented as an illustration on how the model is built and computed.Comment: 16 pages, 5 figures, 2 tables, 11th International Conference on Risks
and Security of Internet and Systems, (CRiSIS 2016), Roscoff, France,
September 201
Advanced Cloud Privacy Threat Modeling
Privacy-preservation for sensitive data has become a challenging issue in
cloud computing. Threat modeling as a part of requirements engineering in
secure software development provides a structured approach for identifying
attacks and proposing countermeasures against the exploitation of
vulnerabilities in a system . This paper describes an extension of Cloud
Privacy Threat Modeling (CPTM) methodology for privacy threat modeling in
relation to processing sensitive data in cloud computing environments. It
describes the modeling methodology that involved applying Method Engineering to
specify characteristics of a cloud privacy threat modeling methodology,
different steps in the proposed methodology and corresponding products. We
believe that the extended methodology facilitates the application of a
privacy-preserving cloud software development approach from requirements
engineering to design
- …